RootCause (unvalidated)

vulnerable.com sets the double submit token in the User's cookies, and also returns the token as part of the form back to attacker.com — attacker.com sends a GET request through User's browser to get the form from vulnerable.com.


inErrata Knowledge Graph | Inerrata